Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

3a3ab90429...18.exe

windows7-x64

10

3a3ab90429...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2024, 13:21 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe

  • Size

    573KB

  • MD5

    3a3ab90429325f26be4c1536825b7d86

  • SHA1

    33c272468c115890d6a44cd6918509d37c89ce04

  • SHA256

    9dab2a8cd79a947c700da1f58f7e967fd81cc321414d4cb512ab65b483834798

  • SHA512

    432222783cd46aa27941b8c67fc9f125270e1dc97b2effe2a4dc5a24f9f9ab841e07aa31bd6da63782359b926b4ca21aadbdd3c664f2c2af9115bad22304824c

  • SSDEEP

    12288:PwdMXQKgBN/6gADczag9yu7EXZLpryKGoXHUtkxF8y:I2AKgPFacFQZeoXH5b

Score
10/10
raccooncd8dc1031358b1aec55cc6bc447df1018b068607discoverystealer

Malware Config

Extracted

Family

raccoon

Version

1.7.3

Botnet

cd8dc1031358b1aec55cc6bc447df1018b068607

Attributes
  • url4cnc

    https://telete.in/jagressor_kz

rc4.plain
1
$Z2s`ten\@bE9vzR
rc4.plain
1
25ef3d2ceb7c85368a843a6d0ff8291d

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer V1 payload 5 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1300

Network

  • flag-us
    DNS
    telete.in
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    telete.in
    IN A
    Response
    telete.in
    IN A
    199.59.243.227
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    542 B
     219 B
     7
    5
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    576 B
     306 B
     10
    7
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    524 B
     339 B
     9
    8
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    395 B
     179 B
     6
    4
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    824 B
     353 B
     13
    8
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    692 B
     271 B
     10
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    490 B
     271 B
     8
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    542 B
     259 B
     7
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    380 B
     259 B
     7
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    489 B
     255 B
     8
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    432 B
     259 B
     7
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    1.0kB
     259 B
     11
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    432 B
     259 B
     7
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    441 B
     259 B
     7
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    288 B
     219 B
     5
    5
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    288 B
     219 B
     5
    5
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    389 B
     259 B
     6
    6
  • 199.59.243.227:443
    telete.in
    tls
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    334 B
     259 B
     6
    6
  • 8.8.8.8:53
    telete.in
    dns
    3a3ab90429325f26be4c1536825b7d86_JaffaCakes118.exe
    55 B
     71 B
     1
    1

    DNS Request

    telete.in

    DNS Response

    199.59.243.227

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1300-1-0x0000000000250000-0x0000000000350000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1300-2-0x0000000000950000-0x00000000009E1000-memory.dmp

    Filesize

    580KB

    Download

  • memory/1300-3-0x0000000000400000-0x0000000000492000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1300-4-0x0000000000250000-0x0000000000350000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1300-5-0x0000000000950000-0x00000000009E1000-memory.dmp

    Filesize

    580KB

    Download

  • memory/1300-7-0x0000000000400000-0x0000000000492000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1300-6-0x0000000000400000-0x0000000000946000-memory.dmp

    Filesize

    5.3MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.